
xinetd vs Tripwire

Hi Guys!!

Got RH 8 installed on my laptop, but I want to secure it as much as I can before going networked.
In RH 8 xinetd is installed by default. But I wonder, should I also use Tripwire?! Isn't xinetd a substitute for Tripwire and inetd?! Or am I wrong?!

Since the computer is pretty newly installed I want to re-compile it soon, should I wait to install Tripwire until I have got the kernel "lighter", because of too many Trip-log-messages?!

I've heard of AIDE.. is it better than Tripwire?!

(that's a lot of questions, sorry... but I'm a curious newbie that wants a stable system).

xinetd is a good combination of inetd and tcpwrappers and can be used for controlling which net services you run as well as access control for those services.

Tripwire on the other hand is a host-based IDS system that can tell you when files are changed or rootkits have been used. It basically creates MD5 checksums for your critical system files and tells you if anyone has modified them.

I'd use both of these and add on a firewall like ipchains....errr...iptables (ipchains is older, just had it stuck in my brain from my GSEC reading).

"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X

Juridian answered faster than I did.. But here is some info and links to read more about the products you mentioned.

Source: xinetd
xinetd is a secure replacement for inetd, the internet services daemon.

Why should I use it ?

1) It can do access control on all services based on:
   a. address of remote host
   b. time of access
   c. name of remote host
   d. domain name of remote host
2) Access control works on all services, whether multi-threaded or single-threaded and for both the TCP and UDP protocols. All UDP packets can be checked as well as all TCP connections.
3) It provides hard reconfiguration:
   a. kills servers for services that are no longer in the configuration file
   b. kills servers that no longer meet the access control criteria
4) It can prevent denial-of-access attacks by
   a. placing limits on the number of servers for each service (avoids process table overflows)
   b. placing an upper bound on the number of processes it will fork
   c. placing limits on the size of log files it creates
   d. placing limits on the number of connections a single host can initiate
   e. placing limits on the rate of incoming connections
   f. discontinuing services if the load exceeds a specified limit
5) Extensive logging abilities:
   a. for every server started it can log:
      i) the time when the server was started
      ii) the remote host address
      iii) who was the remote user (if the other end runs an RFC-931/RFC-1413 server)
      iv) how long the server was running
      (i, ii and iii can be logged for failed attempts too).
   b. for some services, if the access control fails, it can log information about the attempted access (for example, it can log the user name and command for the rsh service)
6) No limit on number of server arguments
7) You can bind specific services to specific IPs on your host machine

Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality.

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.
There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire.
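
The file-integrity idea behind Tripwire and AIDE, reduced to its core, as an added example that is not part of the thread or either tool's code: record size, permission bits and a digest for every file while the system is known good, then diff a later scan against that baseline. SHA-256 stands in for the MD5 checksums mentioned above, and the `bin/ls` tree and function names are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record (size, permission bits, SHA-256) for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = Path(path).relative_to(root).as_posix()
            db[rel] = (st.st_size, stat.S_IMODE(st.st_mode), digest.hexdigest())
    return db


def compare(baseline, current):
    """Return the paths that were added, removed or changed since the baseline."""
    common = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(p for p in common if baseline[p] != current[p])}


def demo():
    """Constructed scenario: a fake 'bin' tree that is modified after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        bindir = Path(root, "bin")
        bindir.mkdir()
        (bindir / "ls").write_bytes(b"original ls\n")
        baseline = snapshot(root)                       # taken on the clean system
        (bindir / "ls").write_bytes(b"replaced ls\n")   # same size, new content
        (bindir / "extra").write_bytes(b"new file\n")   # file that was never there
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The replaced `ls` has the same size as the original, so only the digest reveals it. After a legitimate change such as a rebuilt kernel, a fresh snapshot has to become the new baseline, otherwise every later report repeats those changes.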